The '''libvirt''' client allows for the setting of permission rules which can be applied to all managed objects and API operations, thus allowing for all client connections to be limited to a minimal set of rules and privileges.

* Unauthenticated - used for all connections, this state allows all API operations that are required to complete authentication. Following a successful authentication, two more levels can be assigned:

−

{{admon/warning| Beat has already been converted to XML|Be sure to set Wiki Good to '''*''' and In Publican to '''0''' if this beat is modified}}

+

** Unrestricted - full access to all API operations

+

** Restricted - read only access

+

System administrators can set permission rules for authenticated connections. Every API call in '''libvirt''' has a set of permissions that are validated against the object that is being used. For example, User A wants to change a parameter in the '''domain''' object. When the user tries to save the change, '''virDomainSetSchedulerParametersFlags''' method will check whether the client has write permissions on the '''domain''' object. Additional checks and permission settings can be processed as well. Filtering can also be done to see which clients have permissions on which objects to allow for smother administration of permissions.

+

The '''libvirtd.conf''' configuration file is responsible for setting the access permissions. It uses the ''access_drivers'' parameter to enable this operation. Note that if more than one access driver is requested, all must succeed in order for permission to be granted.

+

More information can be found here:

−

The QEMU open source machine emulator has been updated to version 1.0. Notable features include:

+

* https://fedoraproject.org/wiki/Changes/Virt_ACLs

+

* http://libvirt.org/acl.html

−

* QEMU now supports live migration of running guests.

+

==Virt-manager Snapshots==

−

* KVM users are now able to run standard performance profiling tools within KVM guests.

+

Virtual Machine Manager ('''virt-manager''') allows for easy management and monitoring of KVM guest virtual machine snapshots. Note that '''virt-manager''' will pause the guest virtual machine for a few seconds while taking the snapshot.

−

* QEMU and ''libvirt'' now support image streaming. Image streaming lets an administrator start new virtual machines quickly based on existing images; virtual machines are then provisioned completely in the background as they run.

+

More information is available here:

−

* QEMU and KVM support a new advanced SCSI-based storage stack, ''virtio-scsi''. Support for this new storage stack will be added to ''libvirt'' in a later release.

+

* https://fedoraproject.org/wiki/Changes/Virt_Manager_Snapshots

+

* http://fedoraproject.org/wiki/Features/Virt_Live_Snapshots

+

* http://libvirt.org/formatsnapshot.html

+

* Snapshot section here: http://linux.die.net/man/1/virsh

+

* https://fedoraproject.org/wiki/QA:Testcase_Virt_Snapshot_UI

−

The full list of changes included in this release is available upstream at http://wiki.qemu.org/ChangeLog/1.0.

+

==ARM emulation on x86 Host Physical Machines==

+

Changes have been made to have smoother emulation of ARM guest virtual machines running on x86 hosts using standard '''libvirt''' tools, including '''virsh''', '''virt-manager''' and '''virt-install'''.

+

'''qemu''' has an ARM emulator that works well and is actively used in the Fedora ARM effort. However '''libvirt''' and '''virt-manager''' currently have issues launching '''qemu-system-arm''' VMs, mostly by encoding x86 assumptions in the generated command line that cause '''qemu-system-arm''' to fail to start. Changes have been made to fix this issue.

+

More information can be found here: https://fedoraproject.org/wiki/Changes/Virt_ARM_on_x86

−

== libvirt ==

+

==Ryu Software Defined Networking==

+

Fedora 20 features Ryu, software that enables effective, software defined networking for OpenStack virtualization. As a building block of an OpenFlow controller, Ryu provides a Layer 2 isolated network for Openstack. For more information, read:

−

The ''libvirt'' toolkit for interacting with the virtualization capabilities of various hosts has been updated to version 0.9.10. The full list of changes included in this release is available upstream at http://libvirt.org/news.html.

+

* http://osrg.github.com/ryu/

+

* https://github.com/osrg/ryu/wiki

+

* http://osrg.github.com/ryu/doc/index.html

−

== Virtual Machine Manager (virt-manager) ==

−

Virtual Machine Manager has been updated to version 0.9.1. As well as numerous bug fixes this release adds:

−

−

* Support for adding USB redirection devices.

−

* An option to change the USB controller to support USB 2.0.

−

* An option to specify the machine type for non-x86 guests.

−

−

The full list of changes included in this release is available upstream at http://virt-manager.org/download.html.

[[Category:Docs Project]]

[[Category:Docs Project]]

[[Category:Draft documentation]]

[[Category:Draft documentation]]

[[Category:Documentation beats]]

[[Category:Documentation beats]]

Revision as of 18:55, 20 October 2013

Beat Closed on Wiki Work on beats has now moved to git at https://pagure.io/release-notes. If you have changes or additions, please contact the docs team via #fedora-docs, docs@lists.fedoraproject.org, or with the release-notes BZ component.

Contents

Libvirt Client Access Control

The libvirt client allows for the setting of permission rules which can be applied to all managed objects and API operations, thus allowing for all client connections to be limited to a minimal set of rules and privileges.
There are three levels of access which can be assigned:

Unauthenticated - used for all connections, this state allows all API operations that are required to complete authentication. Following a successful authentication, two more levels can be assigned:

Unrestricted - full access to all API operations

Restricted - read only access

System administrators can set permission rules for authenticated connections. Every API call in libvirt has a set of permissions that are validated against the object that is being used. For example, User A wants to change a parameter in the domain object. When the user tries to save the change, virDomainSetSchedulerParametersFlags method will check whether the client has write permissions on the domain object. Additional checks and permission settings can be processed as well. Filtering can also be done to see which clients have permissions on which objects to allow for smother administration of permissions.
The libvirtd.conf configuration file is responsible for setting the access permissions. It uses the access_drivers parameter to enable this operation. Note that if more than one access driver is requested, all must succeed in order for permission to be granted.
More information can be found here:

Virt-manager Snapshots

Virtual Machine Manager (virt-manager) allows for easy management and monitoring of KVM guest virtual machine snapshots. Note that virt-manager will pause the guest virtual machine for a few seconds while taking the snapshot.
More information is available here:

ARM emulation on x86 Host Physical Machines

Changes have been made to have smoother emulation of ARM guest virtual machines running on x86 hosts using standard libvirt tools, including virsh, virt-manager and virt-install.
qemu has an ARM emulator that works well and is actively used in the Fedora ARM effort. However libvirt and virt-manager currently have issues launching qemu-system-arm VMs, mostly by encoding x86 assumptions in the generated command line that cause qemu-system-arm to fail to start. Changes have been made to fix this issue.
More information can be found here: https://fedoraproject.org/wiki/Changes/Virt_ARM_on_x86

Ryu Software Defined Networking

Fedora 20 features Ryu, software that enables effective, software defined networking for OpenStack virtualization. As a building block of an OpenFlow controller, Ryu provides a Layer 2 isolated network for Openstack. For more information, read:

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, and JBoss are trademarks or registered trademarks of
Red Hat, Inc. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
The Fedora Project is maintained and driven by the community and sponsored by Red Hat. This is a community
maintained site. Red Hat is not responsible for content.